Securing MySQL traffic from distributed pollers

This is a new installation and my first distributed polling implementation (all previous efforts were dedicated servers). As my intended targets are scattered across multiple colocation facilities and multiple private networks, traffic from remote pollers will traverse the public internet. Although I could certainly set up VPN tunnels, I am concerned about the performance degradation and the complexity of the VPN topology. I am exploring the use of secured connections to the dbserver (10.2.6-MariaDB). I have installed the required SSL certs/keys and configured the db server successfully. I have successfully tested local and remote connections using the standard mysql client and a sample PHP script using the LibreNMS credentials and database. PHP mysqli provides a function call (mysqli_ssl_set) to specify the SSL keys/cert information prior to the mysqli_real_connect function which establishes the connection. I am seeking to find the appropriate parameters to use in config.php to provide the SSL info. A standard config (user credentials, port, host address, etc.) yields the expected access denied response.

I would appreciate any / all recommendations.
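A standalone connection test of the kind the post describes, as an added example that is not part of the original thread and is not LibreNMS code. The host name, account, certificate paths and the `LIBRENMS_DB_PASS` environment variable are placeholders; the script refuses to continue if the session did not actually negotiate TLS.

```php
<?php
// Added example: every value in $cfg is a constructed placeholder.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function connect_tls(array $cfg): mysqli
{
    $db = mysqli_init();
    // Must be called before mysqli_real_connect(); unused arguments are null.
    mysqli_ssl_set($db, $cfg['key'], $cfg['cert'], $cfg['ca'], null, null);
    mysqli_options($db, MYSQLI_OPT_CONNECT_TIMEOUT, 10);
    mysqli_real_connect(
        $db, $cfg['host'], $cfg['user'], $cfg['pass'], $cfg['name'],
        $cfg['port'], null, MYSQLI_CLIENT_SSL
    );
    return $db;
}

// Returns the negotiated cipher, or '' when the session is plaintext.
function tls_cipher(mysqli $db): string
{
    $res = mysqli_query($db, "SHOW SESSION STATUS LIKE 'Ssl_cipher'");
    $row = mysqli_fetch_assoc($res);
    return $row['Value'] ?? '';
}

$cfg = [
    'host' => 'db.example.net',            // placeholder
    'port' => 3306,
    'user' => 'librenms',
    'pass' => getenv('LIBRENMS_DB_PASS'),  // keep the password out of the file
    'name' => 'librenms',
    'key'  => '/etc/mysql/ssl/client-key.pem',   // placeholder paths
    'cert' => '/etc/mysql/ssl/client-cert.pem',
    'ca'   => '/etc/mysql/ssl/ca-cert.pem',      // CA that issued the server cert
];

try {
    $db = connect_tls($cfg);
    $cipher = tls_cipher($db);
    if ($cipher === '') {
        // Fail closed: never send poller data over an unencrypted session.
        fwrite(STDERR, "Connected, but the session is not encrypted\n");
        exit(1);
    }
    echo "TLS session established, cipher: {$cipher}\n";
} catch (mysqli_sql_exception $e) {
    fwrite(STDERR, "Connection failed: " . $e->getMessage() . "\n");
    exit(1);
}
```

On the server side, adding `REQUIRE SSL` to the poller account makes MariaDB reject any plaintext login for that user, so a misconfigured poller fails loudly instead of falling back to cleartext.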

There is no way to set mysql to use ssl at this time, but we would accept this change.

However, for distributed polling, there is no way to encrypt the rrd traffic. That would require a VPN.

Understood. Thank you for the quick reply. VPN it is. 🙂